Intrusion Detection System Requirements: A Capabilities Description in Terms of the Network Monitoring and Assessment Module of CSAP21

By Leonard LaPadula


Over the past several years, MITRE has engaged in a number of projects involving intrusion detection. A principal sponsor of this work has been the United States Air Force. As part of our mission to serve the public good, we have created this collection of documents. The primary purpose of this collection is to influence vendors and others, such as researchers and prototype developers, to develop automated tools that can better meet the needs of the Air Force. The documents in this collection have been produced with funding from the C2 Protect Mission Oriented Investigation and Experimentation (MOIE) Project of fiscal year 1999 and the Intrusion Detection System MOIE Projects of fiscal years 2000 and 2001.

The fiscal year 2001 Air Force-sponsored MOIE Project's task titled "Data Fusion for Intrusion Detection" is focusing its effort on developing a protocol for interoperation among monitors and managers that deal with intrusion detection and related functions. The protocol is to be vendor-neutral, extensible, and adaptable to the needs of smart sensors. The task will likely leverage the Internet Engineering Task Force (IETF) Intrusion Detection Working Group's decision to develop an extensible markup language (XML)-based protocol for sensor alert transmission, using it as the basis for the more powerful, more general protocol that is the stated goal of the task. An important adjunctive effort is to maintain in-depth knowledge of the intrusion detection marketplace and to keep abreast of the state of the art.